PT-2007-5815 · Php · Php

Publicado

2007-09-04

Atualizado

2018-10-26

CVE-2007-4657

CVSS v2.0

7.5

Alta

Vetor

AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions: PHP versions prior to 4.4.8 PHP versions prior to 5.2.4

Description: The issue allows remote attackers to obtain sensitive information or cause a denial of service via a large len value to the strspn or strcspn function, triggering an out-of-bounds read.

Recommendations: For PHP versions prior to 4.4.8, update to version 4.4.8 or later to resolve the issue. For PHP versions prior to 5.2.4, update to version 5.2.4 or later to resolve the issue. As a temporary workaround, consider restricting the input to the strspn and strcspn functions to prevent large len values.

Correção

DoS

Buffer Overflow

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-119CWE-189

Identificadores relacionados

CVE-2007-4657

DSA-1444-1

DSA-1578-1

DTSA-61-1

Produtos afetados

Php

PT-2007-5815 · Php · Php

CVE-2007-4657

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 31